Firewall/router

Jonathan Hutchins hutchins at opus1.com
Tue Nov 6 23:43:00 CST 2001


> -----Original Message-----
> From: Glenn Crocker [mailto:glenn at netmud.com]

> Running things (ftp, admin tools, whatever) on your firewall 
> is a great way to make it vulnerable.  

I'm talking about running clients, not servers, which I agree open
vulnerabilities.  The admin tools like webmin and linuxconf are attempts to
copy the Microsoft approach, and like the Microsoft tools they're severe
security holes.  An advantage to a Linux firewall is that you can use SSH to
do all your configuration and never have to install Apache or open port 80
at all.

As to having a separate box instead of just running firewall software on
your workstation, it takes the load off the workstation, adds a layer of
protection in that the machine is physically removed, has a different IP
address, etc. You can run a minimal text-based install on the firewall, and
have X and all that on your workstation without being quite as severe about
locking down every possible port on the workstation.

With any additional workstations, you get the advantages that you can run a
private subnet and there are tools to isolate traffic by subnet very easily.



